The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of “.mkp” files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role.

Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku

Kaynak: National Vulnerability Database